# Suricata stats and alerts plugin
[[inputs.suricata]]
  ## Source
  ## Data sink for Suricata stats log. This is expected to be a filename of a
  ## unix socket to be created for listening.
  # source = "/var/run/suricata-stats.sock"

  ## Delimiter
  ## Used for flattening field keys, e.g. subitem "alert" of "detect" becomes
  ## "detect_alert" when delimiter is "_".
  # delimiter = "_"

  ## Metric version
  ## Version 1 only collects stats and optionally will look for alerts if
  ## the configuration setting alerts is set to true.
  ## Version 2 parses any event type message by default and produced metrics
  ## under a single metric name using a tag to differentiate between event
  ## types. The timestamp for the message is applied to the generated metric.
  ## Additional tags and fields are included as well.
  # version = "1"

  ## Alerts
  ## In metric version 1, only status is captured by default, alerts must be
  ## turned on with this configuration option. This option does not apply for
  ## metric version 2.
  # alerts = false